Process Stalking is a term coined to describe the combined process of run-time profiling, state mapping and tracing. Consisting of a series of tools and scripts the goal of a successful stalk is to provide the reverse engineer with an intuitive visual interface to filtered, meaningful, run-time block-level trace data.
The Process Stalker suite is broken into three main components; an IDA Pro plug-in, a stand alone tracing tool and a series of Python scripts for instrumenting intermediary and GML graph files. The generated GML graph definitions were designed for usage with a freely available interactive graph visualization tool.
Data instrumentation is accomplished through a series of Python utilities built on top of a fully documented custom API. Binaries, source code and in-depth documentation are available in the bundled archive. An indepth article was written and released on OpenRCE.org detailing step by step usage of Process Stalker, the article is a good starting point for understanding the basics behind the tool set.
API docs: 33fK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4m8W2k6s2u0S2L8g2)9J5k6i4u0W2k6r3S2A6N6X3g2Q4x3X3g2U0L8$3#2Q4x3V1k6H3M7X3!0U0k6i4y4K6i4K6g2X3M7%4c8S2L8r3E0A6L8X3N6Q4y4h3k6E0j5h3&6#2j5h3I4Q4x3V1k6H3M7#2)9#2k6X3q4H3K9g2)9#2k6X3c8G2j5%4y4Q4x3V1j5`.
